
Application Of Immune Optimization Algorithm In The False Alarms Of Network Intrusion

Posted on: 2016-04-20 | Degree: Master | Type: Thesis
Country: China | Candidate: P X Bai | Full Text: PDF
GTID: 2298330470452027 | Subject: Computer Science and Technology
Abstract/Summary:
With the increasing use of personal PCs, home computers and business computers, and the rapid development of the Internet, high technology makes life more and more convenient. However, everything is a "double-edged sword". Alongside the rapid development of high technology, the security issues it exposes have caused serious losses to people and the country. An increasingly complex network environment has led people to gradually abandon traditional defense systems and to rely increasingly on network intrusion detection systems. An intrusion detection system serves as a second safety protection measure, added behind the first network security protection measure, the firewall. However, despite the convenience that intrusion detection systems bring, they also produce a lot of false alarms during detection, and the large number of alerts makes it more difficult for managers to administer the network. Therefore, developing a practical and efficient system that significantly reduces the number of false alarms is of great significance to the development of the network, and developing a complete technique for eliminating intrusion false alarms has become an important research topic for many scholars today.

As the "life guards", the artificial immune system responds to antigens from foreign microbes or other foreign matter on the basis of recognizing "self" and "non-self", and thereby performs three important functions, namely immune defense, immune homeostasis and immune surveillance, clearing antigens to maintain the stability of its own internal environment. The main responsibility of an intrusion system is to monitor the operating conditions of the network and to identify and prevent external and even internal network attacks in a timely manner, combining immune theory with other methods to eliminate redundant false alarms, so that the entire network operates effectively with little impact on load. In this light, the biological immune system and the intrusion system have many similar components, and so more and more foreign scholars have designed artificial intrusion systems on the basis of biological immunology and applied them to the network intrusion model, which not only enhances the defense capability of the system but also solves the problem of the large number of false alarms caused by intrusion detection and greatly reduces the load on network administrators.

This paper describes in detail the concepts of artificial immune theory, the techniques of intrusion detection, and the techniques for eliminating false alarms generated by IDS, and studies and discusses in depth the techniques that domestic and foreign scholars currently use to reduce the number of false alarms generated during intrusion detection. Although the detection systems developed so far can significantly improve the detection rate, they still contain redundant detectors, which affects the efficiency of the detection system. At the same time, a detection system cannot fully identify the behavior of activities, and the large number of false alarms it causes increases the load. Therefore, an improved immune intrusion model based on an optimization algorithm is proposed to solve these two issues. The model first adds the local outlier factor as a fitness function to the standard negative selection algorithm to optimize detector generation, then combines fuzzy logic theory with immunology knowledge to build an algorithm model that eliminates false alarms. Finally, the feasibility and effectiveness of the proposed intrusion model are verified through network intrusion simulation experiments.
Keywords/Search Tags: detection systems, false alarms, artificial immune systems, fuzzy logic theory, network intrusion